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Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims : 

1-25. (canceled). 

26. (currently amended) A network relaying method for a communication 
network system in which a plurality of network devices are coupled via a 
communication path, each network device including a network relaying device which 
is coupled via a plurality of I/O ports to a corresponding plurality of terminals, the 
method comprising the steps of: 

receiving a packet at a first I/O port from a source terminal coupled to the first 
I/O port, the packet including a header containing a packet transmission source 
address; 

determining whether a first combination of information contained in the 
received packet coincides suff i c ie ntly with a second combination of information that 
has been registered in advance, wherein said first combination of information 
includes the first I/O port and the packet transmission source address of the received 
packet and said second combination of information includes an I/O port and a 
transmission source address that have been registered in advance with a 
correspondence therebetween, and, in response to the determining step resulting in 
a determination that the first combination of information coincides ouff i ciontly with the 
second combination of information, transferring the packet received at the first I/O 
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port via a second I/O port, wherein it is determined that said first combination of 
information coincides suff i ciont l y with said second combination of information that 
has been registered in advance for sa i d r e lay port i on to transf e r th e roc oi v o d pack e t 
from th e s e cond I /O port when only said first I/O port and said packet transmission 
source address coincide with said I/O port and transmission source address that 
have been registered in advance with a correspondence therebetween; 

in response to the determining step resulting in a determination that the first 
combination of information does not coincide suff i c i ent l y with the second 
combination of information: 

limiting transfer of the received packet and transmitting a request for user 
authentication of a user to the source terminal of said received packet; 

receiving user authentication information sent from the source terminal in 
response to the request for user authentication; 

executing user authentication of the user based on the user authentication 
information thus received and based on the packet transmission source address; 

when the user is authenticated by the user authentication executed in the 
executing step, registering the first I/O port with a correspondence to the packet 
transmission source address; 

transferring the packet received at the first I/O port via the second I/O port; 

and 

when the user is not authenticated by the user authentication executed in the 
executing step, not transferring the packet received at the first I/O port. 
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27. (previously presented) A network relaying method according to Claim 26, 
wherein the user authentication information includes a user name and a password. 

28. (previously presented) A network relaying method according to Claim 26, 
wherein the transmission source address includes an IP address and a MAC 
address. 

29. (currently amended) A network relaying apparatus, comprising: 

a plurality of I/O ports adapted to be coupled to a plurality of terminals, 
respectively; 

a communication portion for transmitting and receiving data via the plurality of 
I/O ports; 

a relay portion which determines a transmitting I/O port of the plurality of I/O 
ports, from which a packet received via the communication portion from a receiving 
I/O port of the plurality of I/O ports is output via the communication portion; and 
which determines whether a first combination of information contained in the 
received packet coincides suff i ci e nt l y with a second combination of information that 
has been registered in advance, wherein said first combination of information 
includes the receiving I/O port and a packet transmission source address of the 
received packet and said second combination of information includes an I/O port and 
a transmission source address that have been registered in advance with a 
correspondence therebetween, wherein said relay portion transfers the received 
packet from the transmitting I/O port in response to the relay portion determining that 
the first combination of information coincides suff i c i ent l y with the second combination 



4 



U.S. Application No. 09/455,363 

of information, wherein it is determined bv said relay portion that said first 
combination of information coincides suff i ci e ntly with said second combination of 
information for said r el ay port i on to transf e r th e reco i vod pack e t from th e transm i tt i ng 
I /O port that has been registered in advance when only said receiving I/O port and 
said packet transmission source address coincide with said I/O port and 
transmission source address that have been registered in advance with a 
correspondence therebetween, and wherein said relay portion requests user 
authentication of a user from a source terminal of said received packet in response 
to the relay portion determining that the first combination of information does not 
coincide suff i ciontly with the second combination of information; 

an authentication portion which registers the receiving I/O port with a 
correspondence to the packet transmission source address when completing user 
authentication based on user authentication information sent from the source 
terminal in response to the request for user authentication and based on the packet 
transmission source address, 

wherein when the authentication portion does not authenticate the user, the 
relay portion does not transfer the received packet. 

30. (previously presented) A network relaying apparatus according to Claim 
29, wherein the user authentication information includes a user name and a 
password. 
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31 . (previously presented) A network relaying apparatus according to Claim 
29, wherein the transmission source address includes an IP address and a MAC 
address. 

32. (currently amended) A network relaying method for a communication 
network system in which a plurality of network devices are coupled via a 
communication path, each network device including a network relaying device which 
is coupled via a plurality of I/O ports to a corresponding plurality of terminals, the 
method comprising the steps of: 

receiving a packet at a first I/O port from a source terminal coupled to the first 
I/O port, the packet including a header containing a packet transmission source 
address; 

determining whether a combination of onlv the first I/O port and the packet 
transmission source address coincides with a combination of an I/O port and a 
transmission source address that have been registered in advance with a 
correspondence therebetween; 

when the determining step results in a determination that the combination of 
onlv t he first I/O port and the packet transmission source address coincides with a 
combination of an I/O port and transmission source address that have been 
registered in advance with a correspondence therebetween, transferring the packet 
received at the first I/O port via a second I/O port; 

when the determining step results in a determination that the combination of 
onlv the first I/O port and the packet transmission source address do not have a 
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coincidence with a combination of an I/O port and transmission source address that 
have been registered in advance with a correspondence therebetween: 

limiting transfer of the received packet and transmitting a request for user 
authentication of a user to the source terminal of said received packet; 

receiving user authentication information sent from the source terminal in 
response to the request for user authentication; 

executing user authentication of the user based on the user authentication 
information thus received and based on the packet transmission source address; 

when the user is authenticated by the user authentication executed in the 
executing step, registering the first I/O port with a correspondence to the packet 
transmission source address; 

transferring the packet received at the first I/O port via the second I/O port; 

and 

when the user is not authenticated by the user authentication executed in the 
executing step, not transferring the packet received at the first I/O port; 

wherein the source terminal coupled to the first I/O port belongs to a VLAN; 

and 

wherein when a user is not authenticated by the user authentication executed 
in the executing step, a warning message is sent to all terminals belonging to the 
same VLAN as the source terminal of the packet received at the first I/O port. 

33. (previously presented) The network relaying method according to claim 
26, further comprising the step of performing user authentication periodically for each 
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of said plurality of terminals having an address registered in advance with a 
correspondence to an I/O port. 

34. (previously presented) The network relaying method according to claim 
26, wherein the received packet includes a destination address, and the method 
further comprises the steps of: 

determining whether the destination address is registered in advance as a 
source address in combination with an I/O port; 

if the determining step determines that the destination address of the received 
packet is not registered in advance as a source address in combination with an I/O 
port, user authentication is made as to a destination terminal having the destination 
address, by transmitting a request for user authentication to the destination terminal 
of the received packet; receiving user authentication information sent from the 
destination terminal in response to the request for user authentication based on the 
user authentication information thus received from the destination terminal; when the 
user is authenticated by the user authentication based on the user authentication 
information received from the destination terminal, registering the first I/O port with a 
correspondence to the destination address; and when the user is not authenticated 
by the user authentication based on the user authentication information received 
from the destination terminal, not registering the first I/O port with a correspondence 
to the destination address. 

35. (currently amended) A network relaying apparatus, comprising: 
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a plurality of I/O ports adapted to be coupled to a plurality of terminals, 
respectively; 

a communication portion for transmitting and receiving data via the plurality of 
I/O ports; 

a relay portion which determines a transmitting I/O port of the plurality of I/O 
ports, from which a packet received via the communication portion from a receiving 
I/O port of the plurality of I/O ports is output via the communication portion; and 
which determines whether a combination of onlv the receiving I/O port and a packet 
transmission source address contained in the packet coincides with a combination of 
an I/O port and a transmission source address that have been registered in advance 
with a correspondence therebetween, wherein said relay portion transfers the 
received packet from the transmitting I/O port when the relay portion determines that 
the combination of only the receiving I/O port and the packet transmission source 
address coincides with a combination of an I/O port and transmission source 
address that have been registered in advance with a correspondence therebetween, 
and wherein said relay portion requests user authentication of a user from a source 
terminal of said received packet when the relay portion determines that the 
combination of onlv the receiving I/O port and the packet transmission source 
address do not have a coincidence with a combination of an I/O port and a 
transmission source address that have been registered in advance with a 
correspondence therebetween; 

an authentication portion which registers the receiving I/O port with a 
correspondence to the packet transmission source address when completing user 
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authentication based on user authentication information sent from the source 

terminal in response to the request for user authentication, 

wherein when the authentication portion does not authenticate the user, the 

relay portion does not transfer the received packet, 

wherein the source terminal of the received packet belongs to a VLAN; and 
wherein when a user is not authenticated by the user authentication, a 

warning message is sent to all terminals belonging to the same VLAN as the source 

terminal of the received packet. 

36. (previously presented) The network relaying apparatus according to claim 
29, wherein user authentication is performed periodically for each terminal having an 
address registered in advance with a correspondence to an I/O port. 

37. (previously presented) The network relaying method according to claim 

29, 

wherein the received packet includes a destination address, 
wherein the relay portion determines whether the destination address is 
registered in advance as a source address in combination with an I/O port, 

wherein if the relay portion determines that the destination address of the 
received packet is not registered in advance as a source address in combination with 
an I/O port, the relay portion initiates user authentication as to a destination terminal 
having the destination address by transmitting a request for user authentication to 
the destination terminal of the received packet and receiving user authentication 
information sent from the destination terminal in response to the request for user 
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authentication based on the user authentication information thus received from the 
destination terminal, 

wherein when the user is authenticated by the user authentication based on 
the user authentication information received from the destination terminal, the 
authentication portion registers the receiving I/O port with a correspondence to the 
destination address, and 

wherein when the user is not authenticated by the user authentication based 
on the user authentication information received from the destination terminal, the 
authentication portion does not register the receiving I/O port with a correspondence 
to the destination address. 
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